A typical computer system generally includes one or more memory subsystems which are connected to one or more central processing units ("CPUs") either directly or through a control unit and a communications channel. The function of these memory subsystems is to store data and programs which the CPU(s) use in performing particular data processing tasks. Modern computer systems also include systems in which a relatively large computer system is formed by networking together multiple smaller computer systems.
Many types of memory subsystems are used in a variety of combinations in current computer systems. These include random access memory ("RAM"), dynamic random access memory ("DRAM"), read-only memory ("ROM"), nonvolatile memory and large-capacity storage devices for storing large quantities of data. A typical large-capacity storage device subsystem may include one or more disk drives, tape drives and/or CD-ROMs connected to the computer system through appropriate control units. A serious problem arises, however, if a memory subsystem fails or is caused to fail such that data stored therein is destroyed, corrupted and/or no longer available to the system.
Such a failure could for example be caused by a computer virus, an illegal program instruction or the failure of all or part of a disk drive's storage medium. Such failures typically cause the entire computer system to cease functioning (i.e., "crash"), and also compromise the security of all of the data stored within the computer system. These types of failures could for example destroy all stored data, the computer's operating system and/or the operating system's ability to initialize and restart (i.e., "boot") the computer. Such data failures can take any number of forms, from the slow subtle destruction of sensitive data to the instantaneous destruction of all data and software necessary to run or restart the computer system.
Computer system memory subsystems such as disk drives typically operate by communicating with the computer system's CPU(s) either directly or indirectly through an appropriate control unit. Operating disk drives in this conventional fashion normally exposes the entire contents of the disk drive storage device to spurious commands and electronic signals for the entire time the computer system is operating. As a result, during this time all of the data stored in the disk drive is exposed to destruction or corruption.
Although attempts have been made in the prior art to protect memory subsystems from unwanted corruption or destruction, none of these solutions has succeeded in providing the level of protection necessary to eliminate such risks in the case of events such as infiltration by a computer virus. In the case of disk drive storage systems in particular, none of the prior art solutions provide sufficient protection against corruption of data stored therein. This is because prior art systems do not sufficiently restrict the computer system's access to only portions of the disk drive containing data necessary for operation of the computer system by the current user or users.
For example, U.S. Pat. Nos. 5,586,301 and 5,657,470 disclose personal computer hard disk protection systems which partition hard disk drives into multiple zones, each having restricted user and application program access. U.S. Pat. No. 5,129,088 discloses a mechanism for dynamically reconfiguring such partitions based on the computer system's changing requirements. U.S. Pat. No. 5,829,053 discloses a more efficient mechanism for managing the partitioning code data which is used to control such a partitioning scheme. In addition, U.S. Pat. No. 5,519,844 discloses a RAID (Redundant Array of Inexpensive Disks) disk drive architecture for providing redundant disk drive copies of data so that, in the event that one copy is irreparably corrupted or destroyed, another undamaged copy of the data nevertheless can be retrieved. None of these protection systems, however, prevents a computer system and its operating system from accessing or communicating with certain portions of a disk drive system in the event that program data is corrupted, such as in the event of infiltration by a computer virus for example. In the event of such an infiltration, all data stored in the disk drive system could be corrupted or destroyed.
Therefore, a need has arisen for a system which will protect certain desired portions of data stored in a computer memory subsystem from spurious commands and electronic signals while the computer system is operating, thereby protecting such stored data from possible undesired destruction or corruption. The need has also arisen in particular for a system which provides such protection to a disk drive storage system, and which restricts the computer system to communicating with only those portions of data necessary for operation of the computer system by the current user or users.